Fortinet black logo

Hyperscale Firewall Release Notes

Home FortiGate / FortiOS 6.4.8 Hyperscale Firewall Release Notes

Changes to setting the hyperscale VDOM policy offload level

6.4.8
7.2.4
7.2.3
7.2.2
7.2.1
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6
Copy Link
Copy Doc ID 2d41ab62-4d5b-11ec-bdf2-fa163e15d75b:413212
Download PDF

Changes to setting the hyperscale VDOM policy offload level

FortiOS 6.4.8 includes the following command to change the policy offload level of a hyperscale firewall VDOM:

config system setings

set policy-offload-level {disable | dos-offload | full-offload}

end

disable disable hyperscale firewall features and disable offloading DoS policy sessions to NP7 processors for this VDOM. All sessions are initiated by the CPU. Sessions that can be offloaded are sent to NP7 processors. This is the default setting.

dos-offload offload DoS policy sessions to NP7 processors for this VDOM. All other sessions are initiated by the CPU. Sessions that can be offloaded are sent to NP7 processors.

full-offload enable hyperscale firewall features for the current hyperscale firewall VDOM. This option is only available if the FortiGate is licensed for hyperscale firewall features. DoS policy sessions are also offloaded to NP7 processors. All other sessions are initiated by the CPU. Sessions that can be offloaded are sent to NP7 processors.

Note

FortiOS 6.4.8 removes the default option of the policy-offload-level command that was available for previous versions. When upgrading from a previous version of FortiOS to version 6.4.8, if policy-offload-level is set to default before the upgrade, the firmware upgrade process changes the setting to disable.
Previous
Next

Changes to setting the hyperscale VDOM policy offload level

FortiOS 6.4.8 includes the following command to change the policy offload level of a hyperscale firewall VDOM:

config system setings

set policy-offload-level {disable | dos-offload | full-offload}

end

disable disable hyperscale firewall features and disable offloading DoS policy sessions to NP7 processors for this VDOM. All sessions are initiated by the CPU. Sessions that can be offloaded are sent to NP7 processors. This is the default setting.

dos-offload offload DoS policy sessions to NP7 processors for this VDOM. All other sessions are initiated by the CPU. Sessions that can be offloaded are sent to NP7 processors.

full-offload enable hyperscale firewall features for the current hyperscale firewall VDOM. This option is only available if the FortiGate is licensed for hyperscale firewall features. DoS policy sessions are also offloaded to NP7 processors. All other sessions are initiated by the CPU. Sessions that can be offloaded are sent to NP7 processors.

Note

FortiOS 6.4.8 removes the default option of the policy-offload-level command that was available for previous versions. When upgrading from a previous version of FortiOS to version 6.4.8, if policy-offload-level is set to default before the upgrade, the firmware upgrade process changes the setting to disable.
Previous
Next